Security awareness seminar held at the Energus building, Lillyhall on 27th July 2010.
We will assist in planning of new corporate buildings to ensure nothing has been missed regarding physical security, access control and network design requirements. Once the building is complete, we will ensure that the staff are well trained to maintain the confidentiality, availability and integrity of the information within.
Get yourself a sense of security
Securing your IT - and reputatiion
Cumbrian firms urged to be better prepared for floods
News and Star
Keeping newsroom information safe
Submitted to UK Press Gazette
Cumbrians must prepare for wave of Cyber Crime
Lake District Messenger
Can your web site be trusted?
Lake District Messenger
Ask the average business person what they require from a website and the response will probably fall into one or more of the following categories:
Whenever I ask this question, it is very rarely that I hear the words "it should be secure".
The main reason for this is that customers take it for granted that security will be built in as part of the service provided by the vendor.
But I don't think that we are right to assume that adequate precautions are always taken to protect our global shop window - so we need to ask the right questions. It may be tempting to dismiss web security as an issue that only affects e-commerce sites - but we must not forget that the web site is often a prospective client's first port of call and any defacement actually damages the company's reputation and the trust that customers have in the products and services.
It is alarming to find how easy it is to identify vulnerable sites and post unsavoury slogans on home pages.
As many web developers use the ubiquitous "free" website text editors to allow customers to update sites, the general public is left unaware that armies of hackers are actively looking for vulnerabilities in such programs - and finding them.
Recently, a rural county show website had its home page replaced by Islamist extremist propaganda which left the locals perplexed. After all, why should extremists target such an event?
The answer is simple: the perpetrators didn't know (or care) which site they were attacking. They just left a computer program running that located sites using vulnerable text editors and automatically injected their hateful message.
A more subtle attack randomly changes the odd word or punctuation and results in the site looking amateurish and leaves a bad impression on potential customers.
Wherever there are forms to complete on a web page, care should be taken that the vendor has plugged all relevant vulnerabilities against Cross Site Scripting (XSS) or SQL Injection.
XSS is the method used by hackers to insert "rogue" code into your site that results in anything from pop up messages through to a complete redirection to another, often unsavoury, site.
Remember that, once this has happened, questions will start to form in the mind of visitors as to whether your company is trustworthy - especially if they ended up at a pornographic website or even downloaded viruses - thanks to your site.
When a site has been attacked, the affected business will find itself in a catch-22 situation regarding an apology. They may not wish to display a message on the homepage apologising for the damage caused as this could deter future visitors - but this would leave affected visitors fuming that there wasn't any remorse shown.
SQL Injection is a method used by hackers to interfere with a database that your site may be using. Using an online form, say the username / password text boxes, the database language (SQL) can be inserted to wreak havoc on the site and possibly divulge sensitive client information.
It is vital that any vendor offering database interaction is asked to demonstrate that the SQL injection vulnerability has been removed.
Other questions that you should ask of vendors: